Per-domain SSL certificate for POSTFIX (Single IP)

Hi, A while ago i came across this article which shows a way to have per-domain ssl certificates for postfix on a single IP address since the release of postfix 3.4. Are there any plans to implement such a thing? It would improve both webmin and virtualmin on a big way!

Article: http://postfix.1071664.n5.nabble.com/How-to-use-the-new-server-TLS-SNI-feature-3-4-x-td100786.html#a101029

Official POSTFIX documentation: http://www.postfix.org/postconf.5.html#tls_server_sni_maps

Best regards,
Micha de Vries

contact@michadevries.nl

Yes, it’s supported in 6.10+. But, only if you have a version of Postfix that supports it.

Edit: but, I don’t recommend using it yet. It’s super new, and probably has bugs. I still recommend that for production servers you have one (1) domain that you use for all mail-related activity.

1 Like

Joe, just FYI, I’ve been using it with zero problems at all on a server that hosts only my own personally-owned sites.

In fact, I set up a temporary, throwaway email address on one of my domains that’s using it yesterday, and it was the first time Thunderbird’s automatic configuration actually worked. Previously I’d have to manually override it. This time I entered the email address and password, and that was that. Same thing with K9 on Android.

That’s using Postfix 3.5.3 from the GhettoForge repos. I’m a little more adventurous on a server hosting only my own stuff.

Richard

2 Likes

Oh, that’s amazing! I have been wandering around for a little bit and we’re unable to find any related settings for it (and therefore made the forum post). Can somebody provide me with (basic) instructions on how to set this up? I as well, always get kind of irritated by the auto configurations not working.

Something unrelated for Joe, about a week ago i send an email to sales@virtualmin.com from the same email provided in my initial post on this thread and i haven’t received a response yet, could it perhaps have ended up in the spam folder?

1 Like

It seems like version 3.4 or higher is not available for 18.04. I will figure out how i can properly upgrade to 20.04 on my Contabo VPS, and if i have any further questions, i’ll let you know.

@Joe could you provide me with the steps to set it up? I have now upgraded my system to ubuntu server 20.04 but i’m not quite able to figure out how to set it all up…

I’ve never set it up; I have no idea how it works yet. But, I think it’s automatic, as it is for Dovecot.

All I did was manually update Postfix, manually edit one configuration file that contained nothing but the Postfix version, and restart Webmin. Voila, the options were available.

Richard

Looking at the GhettoForge page again, that appears to be only for RH-based systems. I have no idea whether it’s available for Debian-based systems.

Richard

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.